Collaboration involves the ability for each member in a group of members, called “collaborators” to automatically transmit information to, and receive information from, other collaborators in the group. In order to facilitate such collaboration, various systems have been developed that allow such information to be transmitted between personal computer systems, communication appliances or other communication devices, including handheld and wireless devices. Collectively, these devices will be referred to a “computers” in this description.
Computer-based collaboration may occur over a network, such as the Internet, wherein each of the users is located at a computer connected to the network. One collaboration model currently in use is a “peer-to-peer” model in which direct connections are established over the network between each of the collaborator computers. Information generated by each collaborator is then sent directly to each other collaborator.
When peer-to-peer collaboration systems send information over the Internet, additional care must be taken to insure that the communications are secure. While the Internet is ideally suited for collaboration because it has the ability to connect widespread users with diverse hardware and software, communication over the Internet is not generally considered secure because messages sent over the Internet are typically funneled to third-party infrastructure where communications can be intercepted and confidences violated. Consequently, in peer-to-peer collaboration systems that use the Internet, the collaboration data is typically contained within private shared spaces on each computer. Security is maintained by carefully controlling access to these spaces and checking identities of collaborators and by encrypting all communications that pass over the Internet between collaborators.
The latter type of collaboration system is described in detail in U.S. patent application Ser. No. 09/357,007, now U.S. Pat. No. 6,640,241, issued, Oct. 28, 2003, entitled METHOD AND APPARATUS FOR ACTIVITY-BASED COLLABORATION BY A COMPUTER SYSTEM EQUIPPED WITH A COMMUNICATIONS MANAGER, filed Jul. 19, 1999 by Raymond E. Ozzie, Kenneth G. Moore, Robert H. Myhill and Brian M. Lambert; U.S. patent application Ser. No. 09/356,930, now U.S. Pat. No. 6,446,113, issued Sep. 3, 2002, entitled METHOD AND APPARATUS FOR ACTIVITY-BASED COLLABORATION BY A COMPUTER SYSTEM EQUIPPED WITH A DYNAMICS MANAGER, filed Jul. 19, 1999 by Raymond E. Ozzie and Jack E. Ozzie; U.S. patent application Ser. No. 09/356,148, now U.S. Pat. No. 6,859,821, issued Feb. 22, 2005, entitled METHOD AND APPARATUS FOR PRIORITIZING DATA CHANGE REQUESTS AND MAINTAINING DATA CONSISTENCY IN A DISTRIBUTED COMPUTER SYSTEM EQUIPPED FOR ACTIVITY-BASED COLLABORATION, filed Jul. 19, 1999 by Raymond E. Ozzie and Jack E. Ozzie and U.S. patent application Ser. No. 09/571,851, now U.S. Pat. No. 6,986,046, issued Jan. 10, 2006, entitled METHOD AND APPARATUS FOR MANAGING SECURE COLLABORATIVE TRANSACTIONS, filed May 12, 2000 by Walter E. Tuvell and Nimisha Asthagiri.
In such peer-to-peer collaboration systems, local data copies are stored on each collaborator's computers and each collaborator gesture or action is duplicated in the local object store of each member's machine. For example, assume that a map is displayed on all collaborators computer. When one collaborator draws a circle on the map, that computer sends a message to the other computers to draw the same circle on the maps in their shared spaces. The system does not need to resend the entire edited map, but rather only the change to the map.
There is often a need for one or more of the collaborators to access an application, system or service that is external to the shared space and may reside on a local device or elsewhere on the network. For example, a collaborator may want to access a Web page on the Internet. In this case, the collaborator enters a URL into a Web browser that is part of the collaboration system and submits the information to the Internet. The collaboration system then sends a message to the other collaborators to cause them to perform the same action. In this case, each of the collaborators individually connects to the Web site and downloads the selected Web page directly into his or her shared space. Such an arrangement is called “multi-point access.”
However, in other cases, members of a shared space need access not to external Web-based information, but rather to internal server-based information residing in customer relationship management systems, enterprise resource planning systems, document and knowledge management systems, etc. For example, a consulting team working together with a collaboration system might need access to customer history, current pricing schedules, or best practices guidelines. In such a case, it would be inefficient for multiple members to make independent calls to the centralized server because the server would have to process the same request and provide the same result multiple times. In addition, each computer would require an installed interface with the internal database application and would have to be configured, potentially with extremely sensitive password information that is generally considered inappropriate outside of the enterprise firewall.
Another common customer example uses the reverse relationship: the members of a shared space have created or modified content (e.g., updated a customer record, amended a best practices document with new knowledge). These changes now need to be captured, managed and shared centrally by the appropriate server-based system(s). Again, it would be inappropriate for multiple members of the space to send the single change.
Thus, it would be useful to be able to connect shared spaces to an external application, system or service from a single point in the shared space. It would also be useful to create shared spaces from an external application, system or service and to be able to move data between the shared space and the external system either unidirectionally or bi-directionally. However, in all cases, it is important to insure that such a connection does not compromise the security of the shared space.
Further, it is also desirable that the mechanism that is used to establish the connection be operable with different interfaces and protocols. For example, a connection between a shared space and an external system could be established via interfaces, such as Microsoft Transaction Server, or Microsoft Message Queue or via SOAP for systems that expose objects through Extended Markup Language (XML.) Other protocols such as HTTP or FTP could also be used.